The human/computer interface services provide the link between users and applications. As such, they provide an easy-to-learn programming interface to applications, which is consistent across applications and generally friendly to users. Taking advantage of high resolution color graphics and networking capabilities inherent with today's hardware platforms, and the multi-tasking capabilities of today's operating systems, the human/ computer interface services also provide platform- and network- independent support for a window-based environment. Table 2-2 lists the standards adopted for the human/ computer interface services.
Table 2-2. Human/Computer Interface Service Standards
This service component describes the human/computer interface services within the context of the seven layers of the UISRM, shown in figure 2-2 and described in more detail in Appendix A . Layers 0, 1, and 2 are based on the Massachusetts Institute of Technology's X Window System. Work is still in progress on establishing standards for layers 3, 4, and 5, commonly referred to as the Graphical User Interface (GUI).
FIPS PUB 158-1:1993 User Interface Component of Applications Portability Profile defines the seven-layered UISRM and specifies the lower three layers of this model. The FIPS specification consists of the following documents from the X Consortium, X Window System, Version 11, Release 5 (X11R5):
The specifications for FIPS PUB 158-1 define the primitives, intrinsic functions based on these primitives, and some of the lower-level library specifications for human/computer interface services. FIPS PUB 158- 1 does not specify the four remaining upper protocol layers or any of the "look and feel" or style services that will be accessible at higher levels of abstraction, thereby not containing a full complement of utilities and services required to allow application programmers to easily program human/computer interfaces.
The Inter-Client Communications Conventions Manual (ICCCM) V1.1 from the Massachusetts Institute of Technology (MIT) X Consortium, although not part of the FIPS PUB 158-1, is also being adopted by DODIIS. ICCCM is a list of recommendations that defines how human/computer interface application programs communicate with each other in a system. For example, ICCCM defines the mechanisms necessary for cut-and-paste operations between windows.
Through the Common Open Software Environment (COSE) work group, most major Unix system developers have agreed on a Common Desktop Environment (CDE) based on the X Window system (X11R5) and the Open Software Foundation (OSF)/Motif GUI, with modifications to support users familiar with the OpenLook GUI. The Motif specification defined by the COSE work group is being proposed for inclusion in the X/Open Portability Guide (XPG). (See section 2.7 for a further discussion.) Until the COSE CDE becomes commercially available, the OSF/Motif GUI is being adopted as the DODIIS standard.
To ensure a consistent human/computer interface across the user community, the DOD Human Computer Interface (HCI) Style Guide , version 3 is being adopted (note that this document has been integrated into the TAFIM as volume 8). This style guide provides a common framework for human computer interface design and implementation, defining the long-term functional goals, objectives, and requirements of the HCI. The Guide is not only a reference manual, but a practical guide which covers all human/computer interface topic areas.
HCI security services include the definition and execution of types of user access to objects within the purview of human/computer interface systems, such as access to windows, menus, icons, and the window display (e.g., security labels). HCI security aspects also include trusted interwindow transfers (e.g., cutting Secret data from a Top Secret window and pasting this data in a Secret window) and the identification and authentication of an individual user at login.
X11 provides mechanisms for implementing many access control systems. X11R5 security mechanisms include host-level access control (via xhosts), MIT-MAGIC-COOKIE-1 (shared plaintext "cookies"), XDM-AUTHORIZATION-1 (xauth), and SUN-DES-1 (based on Sun's secure Remote Procedure Call (RPC) system).
X11R6 provides support for MIT Kerberos Version 5 authentication. With Kerberos user-based authorization, the owner of a display can enable and disable specific users, or Kerberos principals. The xhost client is used to enable or disable authorization. X11R6 is not widely available with COTS operating systems. As X11R6 becomes a DODIIS standard, DODIIS sites will be able to assess the potential applicability of the Kerberos mechanisms for X11 security needs.
The DODIIS security standards for human/computer interface services are: appendix A of the DOD HCI Style Guide; DDS-2600-6215-91, Compartmented Mode Workstation Labeling: Source Code and User Interface Guidelines; and DDS-2600-6216-93, Compartmented Mode Workstation Labeling: Encodings Format (Release 2.2). These documents address the security portion of the user system interface (USI) and are intended for programmers who are developing applications for Compartmented Mode Workstations (CMWs).
Appendix A, "Security Presentation Guidelines," of the DOD HCI Style Guide seeks to provide a uniform HCI across all CMW applications. The content of this appendix is derived from the Defense Intelligence Agency (DIA) Standard User Interface Style Guide (DIA Memorandum U-15, 284/DSE-3) and DDS- 2600-6215-91. Topics addressed in this appendix include standard labels for CMWs, screen presentations (e.g., sample trusted path main menu), and guidelines for allowing users to change classification labels.
Due to the need for interoperability of CMWs within the intelligence community, standard software for operating on security labels is needed. The Compartmented Mode Workstation Labeling: Source Code and User Interface Guidelines, DDS-2600-6215-91, describes the DIA-standard software for achieving this interoperability. This software, which will be configuration managed by DIA, is written to be generally applicable to any CMW operating system. DDS-2600-6215-91 also describes a demonstration program that includes a human/computer interface for setting and changing information labels, sensitivity labels, and user clearances. Additional guidance on the usage of the DIA labeling software can be found in Appendix E of DDS-2600-6243-91, Compartmented Mode Workstation Evaluation Criteria, Version 1 (Final).
The Source Code and User Interface Guidelines describes the standard software that operates on the encodings described in DDS-2600-6216-93. DDS-2600-6216-93, Compartmented Mode Workstation Labeling: Encodings Format (Release 2.2), describes the encodings that are used by a CMW to control the conversion of human-readable labels into the internal format used by the CMW, the conversion from the internal format to a human-readable canonical form, and the construction of banner pages for printed output.
